package com.wsy.oauth;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
// 启用资源服务
@EnableResourceServer
public class OauthResourceServer extends ResourceServerConfigurerAdapter {

    @Value("${security.oauth2.client.client-id}")
    private String clientId;
    @Value("${security.oauth2.authorization.check-token-access}")
    private String checkTokenAccess;
    @Value("${security.oauth2.client.client-secret}")
    private String clientSecret;
    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    /**
     * security配置：所有请求需要认真
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest()
                .authenticated();
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    //oauth2中默认资源服务器使用jwt的token
    /**
     * 验证token时,资源服务器作为客户端想oauth2发送请求的配置
     * oauth2默认生成的token中,包含的有客户端信息,密钥
     * @param resources
     * @throws Exception
     */
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
//        remoteTokenServices.setClientId(clientId);
//        remoteTokenServices.setCheckTokenEndpointUrl(checkTokenAccess);
//        remoteTokenServices.setClientSecret(clientSecret);
//        // 当前服务作为Oauth2的资源服务，id表示
//        resources.resourceId(resourceId);
//        //  资源服务要想oauth2发送请求，验证token，这个过程，oauth2是作为客户端来访问
//        resources.tokenServices(remoteTokenServices);
//    }
}
